Google cloud console provides a browser based SSH client that we can use to easily connect to our google cloud console instance. However there are reasons why you might want to connect using your operating systems ssh client. One being faster connection and response obviously. Secondly it’s easier to manage your virtual server from your OS terminal instead of first opening a browser, going to the gcc website and then opening the terminal after so many steps.
In this tutorial, we’ll see how we can connect to google cloud console instance via terminal on Mac OS. I’ve tested it on macbook pro running macOS mojave (10.14.2).
The same process should be valid for any other terminals too, of other mac os version or in ubuntu or other linux too.
This tutorial will also fix Permission denied (publickey). while trying to connect the GCC cloud virtual server without following these steps.
Steps to connect Google Cloud Console via SSH using Mac Terminal
Steps can be outlined as:
- Generate SSH key on Mac Terminal (or any terminal on linux)
- Edit SSH key settings in GCC (google cloud console)
- Connect to Google Cloud Console Instance using SSH using macOS Terminal or linux terminal
- Troubleshooting & Additional steps for certain situations
1. Generate SSH key on Mac Terminal
First step is to generate the SSH keys on your macbook.
To do that, open terminal on macbook and run this command:
ssh-keygen
Note that it will ask you to add a pass phrase. It is recommended to setup a pass phrase as it will prevent anyone from having your computer access from accessing your GCC instance without a passcode.
Once you run this command, private and public keys are generated and saved in default folder. You can access them in folder:
cd /Users/<your-username>/.ssh/
ls -al
cd command will take you to that folder and ls -al will list them with some details.
Now show the public key by running this command:
tail id_rsa.pub
This command will output the public key generated. Note that we can open the file by using any macbook terminal file editor like nano too, but tail is the simplest manner to do this.
Copy the content of public key outputted by the tail command. It should start with ssh-rsa and end with your local macbook username.
Note that this step is usually the confusing one as people assume this to be done on google cloud console. It’s not. You have to run this command on macbook pro terminal to generate your ssh public and private keys.
2. Edit SSH key settings in Google Cloud console
Now we’ll open the ssh key settings on our google cloud console, so that we can add or edit the public key that we just generated and copied above.
- Goto google cloud console.
- Click on Compute Engine > VM Instances
- Click on the name of your Virtual Machine instance from the list on VM instances page.
- Click on Edit on top of the VM instance details page.
- Scroll down to find the section: SSH Keys
- Click Add item
- Paste the public key generated and copied above on your macOS terminal.
- Change the username in the end to your working VM instance username, (for example root)
- Save (at the bottom of the page).
We’re all done setting up google cloud console SSH access on our macbook pro via terminal.
3. Connect to Google Cloud Console Instance using SSH from macOS Terminal
Now we can easily connect to our GCC instance using the macbook terminal. Simply enter this command to connect to your google cloud console virtual machine.
ssh <user-name?@<server-public-ip>
Change the user-name to your google cloud console virtual server username. This is the username that we entered in the end of public key while entering it on GCC VM instance edit page.
Change the server-public-ip to your server public ip. This is the ip address that’s shown on the VM Instances list page under External IP.
You’ll be asked to enter a pass phrase if you set it up in the ssh-keygen step on your macOS. Use that pass phrase, not your google cloud console account’s original password.
4. Troubleshooting & Additional steps for certain situations
If you get the error:
root@xxx.xxx.xxx: Permission denied (publickey).
This means that your ~/.ssh folder has more than one public key and doesn’t have any key associated to this server in config file.
Solution is to modify the connect string and connect like this:
ssh -i ~/.ssh/<key_name_here> <user-name?@<server-public-ip>
Note that the <key_name_here> should be the name without .pub extension. For example only id_rsa not id_rsa_pub.
If you’re trying to connect using filezilla and face same issue, then you can copy the same key file to any other folder (as the .ssh folder can’t be browsed by the filezilla file finder) and then use it.
Please let me know if you feel any difficulty in any of these steps.